A Guide to Clinton’s Emails

FBI Director James Comey announced on July 5 that he will not recommend criminal charges in connection with Hillary Clinton’s use of a personal email system while secretary of state. His decision, however, will not end the political debate over Clinton’s judgment.

Here we provide answers to common questions about Clinton’s emails.

When did Clinton set up her private server, and where was it located?

A report issued by the State Department’s independent inspector general in May said Clinton used “a personal email system to conduct business” while she was a U.S. senator and during her 2008 presidential campaign. (She was a senator from New York from January 2001 to January 2009, when President Obama nominated her to be secretary of state.) “She continued to use personal email throughout her term as Secretary, relying on an account maintained on a private server, predominantly through mobile devices. Throughout Secretary Clinton’s tenure, the server was located in her New York residence,” the IG report said.

FBI Director James Comey said there were “several different servers and administrators of those servers during her four years at the State Department.” The FBI director added, “As new servers and equipment were employed, older servers were taken out of service, stored, and decommissioned in various ways.”

Was Clinton allowed to use personal email for government business?

Yes, the occasional use of a personal email account is permitted in certain circumstances, such as emergencies. As we wrote, the IG report said it found “many examples of staff using personal email accounts to conduct official business.” But, as we also wrote, the National Archives and Records Administration requires all work-related emails to be properly preserved. Federal rules required Clinton to preserve work emails and turn them over before leaving office, but she did not turn over her emails until 21 months after she left office.

Was she allowed to use a private server?

No. As we wrote, the IG report said that it has been department policy since 2005 — four years before Clinton took office — that “normal day-to-day operations” be conducted on government servers. The report noted that the department’s Foreign Affairs Manual was updated in November 2005 to say “it is the Department’s general policy that normal day-to-day operations be conducted on an authorized [automated information system].” The IG made a distinction between occasional use in emergencies and exclusive use of personal email. “Beginning in late 2005 and continuing through 2011, the Department revised the FAM and issued various memoranda specifically discussing the obligation to use Department systems in most circumstances and identifying the risks of not doing so,” the IG report said

Did Clinton seek government approval to use a private server for her personal email account?

No. The IG report said Clinton “had an obligation” to discuss her email system with the department, but it could find “no evidence” that Clinton sought approval for her unusual email arrangement. If she did, the report says her request would have been denied by the bureaus of Diplomatic Security and Information Resource Management. Brian Fallon, a Clinton campaign spokesman, has told us: “It did not occur to her that having it on a personal server could be so distinct that it would be unapproved.”

Did other secretaries of state use personal emails for government business?

The IG report confirmed what we had previously written: Among Clinton’s predecessors, only Colin Powell (Jan. 20, 2001–Jan. 26, 2005) used a personal email account for government business. Madeleine Albright (Jan. 23, 1997–Jan. 20, 2001) did not use email at all, and Condoleezza Rice (Jan. 26, 2005–Jan. 20, 2009) did not use a personal email account to conduct government business, the IG report said. Clinton’s successor, Secretary of State John Kerry, told the inspector general’s office that he “infrequently” used a personal email account for government business “when responding to a sender who emailed him on his personal account.”

No other secretary of state maintained a private server that was used for government business.

Did Clinton have a government email account?

No. The FBI said she declined to have one set up for her.

The State Department’s information technology staff did create two email accounts associated with Clinton that were not used by her. One was used to send mass emails to all State Department employees on her behalf. That was SMSGS@state.gov, and it was not configured to receive emails. The other was SSHRC@state.gov, which was created only to manage Clinton’s Outlook Calendar. That one was not configured to send or receive emails. (See page 10.)

How many mobile devices did Clinton use while secretary of state?

Clinton used eight e-mail capable BlackBerry mobile devices during her four years at the State Department from January 2009 to February 2013.

In a summary of its investigation released on Sept. 2, the FBI said it “identified 13 total mobile devices, associated with her two known phone numbers,” both with New York area codes, “which potentially were used to send e-mails using Clinton’s clintonemail.com e-mail addresses.”

But only eight of the 13 were used while she was secretary of state, and they were used in succession – not at the same time.

“Investigation determined Clinton used in succession 11 e-mail capable BlackBerry mobile devices associated with 212 [number redacted], eight of which she used during her tenure as Secretary of State. Investigation determined Clinton used two e-mail capable devices associated with 212 [redacted] after her tenure” as secretary.

The FBI requested all 13 mobile devices associated with the 212 numbers, but Clinton’s attorneys said she no longer had them – so the FBI “was unable to acquire or forensically examine any of these 13 mobile devices.”

The FBI said that Clinton’s lawyers turned over “two other Blackberry devices,” but an “FBI forensic analysis found no evidence” that they were connected to any of Clinton’s private servers or contained any emails from her time at State.

Additionally, the FBI said that it identified “five iPad devices associated with Clinton which potentially were used to send e-mails from Clinton’s clintonemail.com addresses.” The FBI obtained and reviewed three of the five. One of them contained three draft emails, none of which contained classified information. The FBI did not recover any emails from the other two iPads. (See pages 8- 9.)

Did Clinton use any of the iPads to send and receive emails?

Yes. Clinton told the FBI that she set up her private server for convenience — “to avoid carrying multiple devices” — for personal and official business. However, as we reported, she used an iPad to at least occasionally send and receive emails, in addition to her Blackberry — a fact confirmed by Clinton and her former deputy chief of staff, Huma Abedin.

In its notes, the FBI said: “According to Abedin and Clinton, Clinton did not use a computer and she primarily used her BlackBerry or iPad for checking e-mails.” (See Page 13.)

When did the public learn that Clinton used a personal email account to conduct government business?

As we wrote last year, the existence of Clinton’s private email account was first publicly revealed in March 2013, when the Smoking Gun wrote severalstories about a hacker who broke into the AOL account of former Clinton aide Sidney Blumenthal. Smoking Gun showed screen grabs of emails Blumenthal had sent to Clinton’s private email account, hdr22@clintonemail.com, when she was secretary of state. “Blumenthal’s memos and e-mails to Clinton were sent to her at a non-governmental e-mail address through the web domain ‘clintonemail.com,’” Smoking Gun reported on March 18, 2013.

However, it was not known that Clinton used her private email account exclusively for government business until the New York Times broke the story on March 2, 2015. As we have written, the Washington Post later reported that the House Select Committee on Benghazi had requested documents from the State Department in the summer of 2014, and the department discovered that Clinton did not use a government email account and instead exclusively used her personal email account for government business.

“In the process of responding to congressional document requests pertaining to Benghazi, State Department officials recognized that it had access to relatively few email records from former Secretary Clinton,” State Department spokesman John Kirby told the Post in a statement. “State Department officials contacted her representatives during the summer of 2014 to learn more about her email use and the status of emails in that account.”

How many emails were on Clinton’s personal server, and what did she do with the emails when she left office?

Clinton’s office disclosed in March 2015 that her private server had a total of 62,320 emails. It said at that time that her lawyers went through the emails and identified 30,490 work-related emails and 31,830 private emails. In December 2014, about 21 months after she left office, Clinton gave the State Department the 30,490 work-related emails totaling roughly 55,000 pages. She indicated that she deleted the others. “I didn’t see any reason to keep them,” she said at a March 10, 2015, press conference.

However, Comey said Clinton had multiple servers during her four years as secretary of state, and not all of her work-related emails were turned over to the State Department. The FBI recovered “several thousand work-related emails” that were not provided to the State Department, and he said it was possible they included some of the emails “deleted as ‘personal’ by her lawyers when they reviewed and sorted her emails for production in late 2014.”

Were any work-related emails intentionally deleted?

There is no evidence to date that work-related emails were intentionally deleted.

In all, the FBI recovered about 14,900 emails that were not part of the 30,000 work-related emails that Clinton turned over to the State Department in December 2014. But we don’t know yet how many of them were work-related. The State Department, which is under court order to release the emails recovered by the FBI, is in the process of determining how many of those are work-related, and how many of them have already been released to the public.

On Sept. 7, government officials disclosed that 30 of the emails were related to Benghazi, but only one had been previously undisclosed and two others were “near duplicates” of emails that had already been publicly released.

Comey said the FBI “found no evidence that any of the additional work-related emails were intentionally deleted in an effort to conceal them in some way.” In his July 5 press conference, Comey said “like many e-mail users, Secretary Clinton periodically deleted e-mails or e-mails were purged from the system when devices were changed.”

When did Clinton delete her 31,830 private emails?

The FBI on Sept. 2 released a two-part summary of its investigation of Clinton that said the former secretary of state’s emails were deleted “sometime between March 25-31, 2015.″ That was about three weeks after the House Select Committee on Benghazi served Clinton with a subpoena on March 4, 2015, to produce any emails related to its investigation into the deaths of four Americans in Benghazi in 2012.

Initially, the campaign had told us that the deletions occurred sometime between December 2014 and March 4, 2015, but did not provide a date. Clinton campaign spokesman Josh Schwerin later told us that Clinton and her attorneys had no knowledge of the email deletions in late March 2015 until the FBI released its report on Sept. 2.

Here’s what the FBI report said: By December 2014, Clinton’s lawyers had completed their review of her emails, and sent her work-related emails to the State Department. At that time, a Clinton lawyer told Platte River Networks – which was maintaining Clinton’s private server – that the former secretary no longer needed any emails that were more than 60 days old, and instructed an unnamed PRN employee “to modify the e-mail retention policy … to reflect this change.” The PRN employee told the FBI that “sometime between March 25-31, 2015″ he realized he did not make the change requested by Clinton’s office and he deleted her old emails at that time.

When did the FBI begin its investigation, and why?

The inspectors general for the State Department and Intelligence Community in July 2015 reviewed 40 of Clinton’s emails and found that four did contain classified information, referring the case to the FBI for what they called an investigation into the “potential compromise of classified information.”

Comey said the FBI investigated whether there was any evidence that “classified information was improperly stored or transmitted” on Clinton’s server “in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way, or a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities.” It also investigated “whether there is evidence of computer intrusion in connection with the personal email server by any foreign power, or other hostile actors.”

Did Clinton’s emails contain classified information?

Yes. More than 2,000 of the 30,490 emails Clinton turned over to the State Department in December 2014 contained classified information, including 110 emails in 52 email chains that contained classified information at the time they were sent or received, Comey said. The FBI director said “a very small number” of the emails containing classified information “bore markings indicating the presence of classified information,” contrary to Clinton’s claims that none was marked classified.

“Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of the classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information,” Comey said.

Did hackers successfully break into her computer and access her emails?

Attempts were made, but the IG and FBI found no evidence that any attempt was successful. That does not mean, however, that none was successful.

The IG report said hackers attempted to access Clinton’s server on Jan. 9, 2011, but Clinton’s technical support adviser shut down the server to deny access. The report also said that Clinton received two phishing email messages on May 13, 2011, that contained suspicious links. Both attempted breaches should have been reported, but were not, according to the IG report.

The FBI director said the lack of direct evidence that Clinton’s server was successfully hacked by “any foreign power or other hostile actors” doesn’t mean it wasn’t. “[G]iven the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence,” Comey said. “We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.”

Did Clinton or her staff violate any federal laws or policies?

Comey said the FBI found evidence of “potential violations” of federal law, but such cases are generally not prosecuted. “Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case,” Comey said.

It’s clear, though, that she violated department policies. Comey said, “To be clear, this is not to suggest that in similar circumstances a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now.”

Similarly, the IG report found that Clinton violated department policies that were in place at the time. That report cited the case of Jonathan Scott Gration, a former ambassador to Kenya, who ignored instructions in July 2011 not to use commercial email for government business and resigned in mid-2012 when the department initiated disciplinary action against him. “[T]he Department’s response to his actions demonstrates how such usage is normally handled when Department cybersecurity officials become aware of it,” the report said.

Is the FBI investigation into Clinton closed?

No. It was closed in July, but then Comey, the FBI director, announced on Oct. 28 that the FBI will review previously undisclosed “emails that appear to be pertinent to the investigation.”

Two days after announcing he was not recommending that charges be brought in the case, Comey told Congress at a July 7 House hearing that the FBI investigation of Clinton’s emails was closed. Asked a question about why he offered a Clinton aide immunity, Comey said he wasn’t sure if he could answer the question, even though the investigation had been closed. “I’m not sure what I can talk about in opening setting about that,” Comey said. “I want to be careful. I’m doing this 24 hours after the investigation closed. I want to be thoughtful cause we’re, as you know, big about the law, that I’m following the law about what I disclose about that.”

However, on Oct. 28, Comey sent a letter to Congress that said the FBI would review new information in the case. “In connection with an unrelated case, the FBI has learned of the existence of emails that appear to be pertinent to the investigation,” Comey wrote. He said FBI investigators will review those emails “to determine whether they contain classified information, as well as to assess their importance to our investigation.” Comey wrote that “the FBI cannot yet assess whether this material may be significant” or how long the review will take.

Update, Sept. 9: This article has been updated to reflect the FBI summaries of its interview of Clinton and its investigation of her email use. We added four additional questions that address whether she had a government email account, how many email-compatible mobile devices she had, and when her personal emails were deleted. We also updated the question on whether work-related emails were intentionally deleted with new information.

Update, Oct. 28: This article has been updated to include the FBI’s decision to review previously undisclosed emails.